149 matches found
PT-2024-23031 · Unknown · Podlove Web Player
Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. Recommendations: For versions through 5.7.1,...
WordPress Plugin Podlove Web Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Podlove Web Player Plugin <= 5.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Podlove Web Player Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29788 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b470ae958d72 Credits Ngô Thiên An ancorn from VNPT-VCI...
The vulnerability of the Podlove Web Player plugin in the WordPress content management system, related to deficiencies in the authentication process, allows attackers to compromise the integrity and confidentiality of protected information.
The vulnerability of the Podlove Web Player plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the integrity and confidentiality of the protected information...
Authorization
Missing Authorization vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3...
CVE-2023-47691
CVE-2023-47691 is rejected and not an active vulnerability entry.
Podlove Web Player <= 5.7.3 - Missing Authorization
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
PT-2023-8830 · WordPress · Podlove Web Player
Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.3 Description: The issue is related to insufficient authorization procedures in the Podlove Web Player plugin for WordPress, allowing a remote attacker to impact the integrity and confidentiality of...
CVE-2022-30579
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...
CVE-2022-30579
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...
MAL-2022-2539 Malicious code in dm-podcast-web-player (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93a32eabcd198d5747f7b110d2f42aec6128f554bad7370bcfb169f39c07e5e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-17336 TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data...
CVE-2015-9288
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...
Command injection
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...
CVE-2015-9288
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...
CVE-2015-9288
CVE-2015-9288 affects the Unity Web Player plugin. Affected versions include the plugin prior to 4.6.6f2 and 5.x prior to 5.0.3f2. The vulnerability allows attackers to read messages or access online services using a victim’s credentials, implying credential-access leakage via the plugin. Connect...
Sql injection
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...
CVE-2017-3181
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...
CVE-2018-5435
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple...
X (Formerly Twitter): Multiple DOMXSS on Amplify Web Player
Hi, I would like to report multiple DOMXSS issues on https://amp.twimg.com/amplify-web-player/prod/source.html. Details: Please use latest IE to open all the PoCs because of CSP 1. $.get sink javascript define"data/playlist/withjsonloader", "require", "flight/lib/compose",...